[python-ldap] Updating binary data with python-ldap

Per-Erik Persson peptekmail at gmail.com
Tue Jan 26 13:56:45 EST 2021


Thanks, it works!

There was a newline in the DER file!
The OpenLDAP client can handle that but not python-ldap.
But the error message was not obvious to me.


On Mon, 25 Jan 2021 at 05:55, William Brown <william at blackhats.net.au> wrote:

>
>
> > On 22 Jan 2021, at 06:25, Per-Erik Persson <peptekmail at gmail.com> wrote:
> >
> > After siphoning the internet without any luck on how to insert a
> > DER-formatted certificate into the userCertificate field I turn to this
> > mailing list.
> >
> > Python-ldap complains even if 'userCertificte;binary' is used.
>
> The ';binary' tag is just a hint that it contains binary data, it doesn't
> tell the server to accept it.
>
> During the python2 to 3 migration, this caused a lot of "pain" in this
> area, as Python's utf8 strings *aren't* the same as a binary buffer. We
> ended up with an "ensure_bytes" function for trying to support this bridge
> between python2/3.
>
> >
> > Using the openldap client with a ldif file works.
> > Does anyone have a working code example in python?
> >
>
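> import ldap
>
> # Read the certificate as raw bytes (binary mode, no decoding)
> with open(der_path, 'rb') as f:
>     val = f.read()
>
> # Make sure the value is bytes before handing it to python-ldap
> if val is not None and not isinstance(val, bytes):
>     val = val.encode()
>
> conn.modify_s(dn, [(ldap.MOD_ADD, 'usercertificate;binary', val)], ...)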
>
>
> Maybe try this? We have this in lib389 as part of 389-ds and it works for
> us. Remember the userCertificate field expects a DER cert, not PEM, but
> this could end up with some implementation specifics.
>
>
> >
>
> --
> Sincerely,
>
> William
>
>
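
A pre-flight check for the problem reported in this thread (a stray newline after the DER data, or PEM supplied where DER is expected), as an added example that is not code from the thread, python-ldap or lib389. The function names and the sample bytes are constructed for illustration, and only the outer ASN.1 SEQUENCE header is checked, not the certificate contents.

```python
def der_total_length(data: bytes) -> int:
    """Return header + content length of the outer DER SEQUENCE in data."""
    if len(data) < 2:
        raise ValueError("too short to be a DER element")
    if data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (first byte 0x%02x)" % data[0])
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def validate_der_value(data: bytes) -> bytes:
    """Return data unchanged if it is exactly one DER SEQUENCE, else raise."""
    if not isinstance(data, bytes):
        raise TypeError("value must be bytes, got %s" % type(data).__name__)
    if data.lstrip().startswith(b"-----BEGIN"):
        raise ValueError("PEM input: userCertificate expects DER")
    total = der_total_length(data)
    if len(data) < total:
        raise ValueError("truncated: header announces %d bytes, file has %d"
                         % (total, len(data)))
    if len(data) > total:
        raise ValueError("%d trailing byte(s) after the DER element: %r"
                         % (len(data) - total, data[total:total + 8]))
    return data


# Constructed sample: a SEQUENCE header announcing 300 content bytes, followed
# by 300 zero bytes. It has the outer shape of a certificate but is not one.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)

if __name__ == "__main__":
    for label, blob in [("clean", SAMPLE_DER), ("newline", SAMPLE_DER + b"\n")]:
        try:
            validate_der_value(blob)
            print(label, "ok")
        except ValueError as exc:
            print(label, "rejected:", exc)
    # A validated value would then be passed as in the reply above, e.g.
    # conn.modify_s(dn, [(ldap.MOD_ADD, 'usercertificate;binary', value)])
```
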